Hacking and Anonymous surfing

Whistleblower website WikiLeaks has posted a mysterious encrypted “insurance file,” touching off speculation about what it contains.

Wired magazine said the 1.4-gigabyte “insurance file” appeared on WikiLeaks’ “Afghan War Diary” page several days after the site released tens of thousands of classified documents related to the war in Afghanistan.

Cryptome, another whistleblower site, said it may have been “pre-positioned for public release” in the event of a “takedown” of WikiLeaks by US authorities or if something happens to its founder, Julian Assange, an Australian national. “In either scenario, WikiLeaks volunteers, under a prearranged agreement with Assange, could send out a password or passphrase to allow anyone who has downloaded the file to open it,” Wired said. The file is also available on a file-sharing site in addition to the WikiLeaks page.

A security researcher involved with the Wikileaks Web site was detained by U.S. agents at the border for three hours and questioned about the controversial whistleblower project as he entered the country on Thursday to attend a hacker conference, sources said on Saturday. He was also approached by two FBI agents at the Defcon conference after his presentation on Saturday afternoon about the Tor Project.

Jacob Appelbaum, a Seattle-based programmer for the online privacy protection project called Tor, arrived at the Newark, New Jersey, airport from Holland flight Thursday morning when he was pulled aside by customs and border protection agents who told him he was randomly selected for a security search, according to the sources familiar with the matter who asked to remain anonymous.

Black Hat is a technical security conference, which brings together thousands of industry researchers, professionals and journalists every year in Las Vegas. Black Hat and its sister conference DEF CON, are widely viewed as the top security events and hacker gatherings in the world.

At this years Black Hat USA edition, the organizers are providing a portal, where non-participants can view the presentations and keynotes in real time over the Internet. Dubbed the Black Hat Uplink, the system gives paying users access to two separate video streams, as well as post-conference material.

“With Black Hat Uplink, you can experience essential content that shapes the security industry for the coming year – for only $395,” the organizers claim. However, as Michael Coates, a Mozilla Web security expert discovered, that wasn’t necessarily true.

Research in Motion, the creator of the widely used enterprise-come-consumer BlackBerry device, has an uncertain position in India.

The Indian government’s internal security and intelligence services cannot break the encryption of the device, which makes countering terror threats and national security matters difficult – especially for a region which faces constant threats and attacks from domestic Maoist insurgents and extremist Islamic groups.

Nearly two years ago, around 170 people were killed in the 2008 Mumbai attacks which lasted two days, and was reported primarily by citizens on the ground through citizen journalism; posting updates to Twitter and Facebook through their mobile devices.

The Motorola Droid 2 is all but official at this point. We have seen numerous rumors indicating an August launch, and today, the entire user guide for the Droid successor has been leaked online. The 70 page report doesn’t reveal any earth shattering features, but does confirm Android 2.2 and a MotoBlur Skin similar to the Droid X.

In case you like the MotoBlur skin featured on the Droid X, then you’ll be happy to know the Droid 2 runs the same MotoBlur skin. In addition, the Droid 2 comes pre-loaded with the Blockbuster app and Swype. Obviously, the most notable feature on the Droid 2 is its physical QWERTY keyboard, but combined with Swype, you have the option for speedy virtual messaging. Based on the Google search menu, the Droid 2 will run Android 2.2 (Froyo) out of the box.

All that we need to know now is official pricing and availability.

Remember that torrent yesterday that contained the personal information off of 100 million scraped Facebook profiles? I thought it was strange that the guy didn’t sell this information, since many companies would be interested. Turns out they are interested.

Reader Clint discovered that all you had to do is use something like Peer Block, which grabs the IPs of the other users also downloading the torrent and identifies which company or university or organization they belong to. You can check this yourself by hopping on the torrent and doing the same thing.

Digital copiers pose security risks that companies may not appreciate, especially smaller firms without dedicated information-security staff. But what the greatest threat is, and how high the relative risk levels are, are matters of current debate.

The issue has received a lot of attention since April, when the CBS Evening News ran a report on it. CBS declined to say how much traffic its video report has generated on its own Website, but the network also posted the report on YouTube, where it has received almost 1 million views, and the blogosphere has not stopped buzzing about the topic.

Most business copiers today have hard drives on which images of copied or scanned pages are stored. Most copiers are leased, and after lease terms expire leasing companies often unload the used machines to wholesale resellers. If a company doesn’t wipe the hard drive clean before returning a copier, its contents — which could include sensitive employee or customer information — could be exposed to identity thieves. The same applies to copiers that a company owns and tries to sell.

Many developers and users of Apple’s iOS devices bemoan the “walled garden” of the App Store approval process, but it appears that the company’s measures have prevented mass data theft from iPhones, and iPads.

At the Black Hat security conference being held in Las Vegas this week, mobile security firm Lookout announced that an app distributed in Google’s Android Market had collected private information from millions of users, then forwarded it to servers in China. Worse than that, the exact number of affected users isn’t known, since the Android Market doesn’t provide precise data. Estimates are that the app was downloaded anywhere from 1.1 million to 4.6 million times.

The app appeared to simply load free custom background wallpapers, but in fact collected a user’s browsing history, text messages, the SIM card number, and even voice mail passwords, and then sent the data to a web site in Shenzen, China.

If an international cyber-war were ever to destroy the internet as we know it, the seven chosen ones have been tasked to revive it.

Seven individuals across the world now hold the safety of the internet in their hands. Should the internet ever be taken down by cyber-terrorists, these guardians are now in possession of keycards that would be able to reboot it.

Hailing from Britain, the U.S., Burkina Faso, Trinidad and Tobago, Canada, China, and the Czech Republic, these members of the cyber-security elite aren’t generals or presidents, but rather internet specialists. They sound like pretty soft targets to me for the inevitable Metal Gear Solid situation. Hopefully they’re protected in seven castles each located in a world dominated by a different element or theme.

DOMAIN OWNERS will be able to certify themselves under changes rung in by the DNS Security Extensions system (DNSSec) that is expected to be the biggest upgrade to the Internet since the World Wide Web was introduced, according to the Internet Corporation for Assigned Names and Numbers (Icann).

Self certification ensures that a web page really, really is from the stated provider, and so will eliminate many popular attacks, says Icann. Rod Beckstrom, chairman and CEO of Icann, told The INQUIRER that Vint Cerf, chief Internet evangelist at Google, had called the new system the most important change in the Internet since the development of the World Wide Web by Sir Tim Berners-Lee. It must be true, then.